[SDL] Please check for WORM_NETSKY.P

Michael B. Edwin Rickert panda at industry.no-ip.com
Fri Jan 28 10:50:56 PST 2005


The emails I've gotten recently match up perfectly with the 
WORM_NETSKY.P patterns (which spreads via IE security hole and 
attachments (these emails)), I'm (nearly) sure whoever is sending this 
probably dosn't know it, not being intentionally bad that is.

I've just been trying so hard to keep this email 100% free of spam... 
and I like to (try) and inform people to get such crap removed rather 
than simply ignoring the problem as it grows, as it wastes precious 
internet bandwidth, and worse, our time :).

I should note that the emails these are "sent" from have no correlation 
to real emails (some even come from domains that don't exist) - the 
"from" field is set by the sender, and the sender dosn't even have to 
have a receiving email account (yes, you can be lacking a 
you at someone.com and still send email).

John Josef wrote:
> I am getting them also. I don't use windows so it's fruitless but seems
> like someone is doing something bad....
> 
> h15n6c1o1100.bredband.skanova.com [81.225.29.15]
> 
> I've gotten a multitude of different email addresses though. Ranging
> from @paypal.com to @aol.com
> 
> On Fri, 2005-01-28 at 06:02 -0800, Michael B. Edwin Rickert wrote:
> 
>>Yowza, recieved 7 more since I last checked my email, all from that same 
>>subnet, from these IPs:
>>
>>81.225.30.247
>>81.225.29.95
>>81.225.29.95
>>81.225.28.190
>>81.225.28.190
>>81.225.29.181
>>81.225.29.181
>>
>>On the plus side, It gives me something to help train Thunderbird's junk 
>>filters with :).
>>
>>David Olsen wrote:
>>
>>>Yes, I received one as well, and I have not received an email virus in a
>>>VERY long time... I definitely think it is someone on this list. Please
>>>follow the link provided by Mr. Rickert :
>>>http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FNETSKY%2EP&VSect=Sn
>>>
>>>the IP I received it from was : 81.225.29.95
>>>Thanks!
>>>
>>>----- Original Message ----- 
>>>From: "Michael B. Edwin Rickert" <panda at industry.no-ip.com>
>>>To: "A list for developers using the SDL library. (includes SDL-announce)"
>>><sdl at libsdl.org>
>>>Sent: Thursday, January 27, 2005 12:56 AM
>>>Subject: [SDL] Please check for WORM_NETSKY.P
>>>
>>>
>>>
>>>
>>>>Recently recieved the Netsky worm (WORM_NETSKY.P) from someone. I have
>>>>given this email out to almost nobody (and allready checked with those I
>>>>have, along with their IPs), using it mainly for website registrations
>>>>and this mailing list.
>>>>
>>>>As such, I'm pretty sure I've recieved it from someone on this list. If
>>>>you have the IP address 81.225.27.238, or have anything similar in the
>>>>case of a dynamic IP, please follow the removal instructions for
>>>>WORM_NETSKY.P .
>>>>
>>>>Removal information is here:
>>>>
>>>
>>>http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FNETSKY%2EP&VSect=Sn
>>>
>>>
>>>>(general anti-virus software would be recommended for you as well)




More information about the SDL mailing list